Q&A: The myths and realities of hacking an election

Steve Ragan |
Oct. 6, 2016

CSO Online asked several experts for their thoughts on the realities of election hacking

The answer here all depends on the voting mechanisms in use, Gundert said. DREs introduce complexity, as opposed to paper ballots, but the challenge for someone planning to hijack an election is really the scale of tampering necessary to affect the election's outcome. So on the scale of effort alone, a local election would be easier to coordinate than a national election.

"The same problems exist in both national and local elections, but with a few differing characteristics impacting risk vs reward," Rice said, offering his own take on the question.

"On one hand, the stakes are lower in local elections and therefore the adversaries with a vested interest in the compromise of a local election are likely to be less advanced. On the other hand, the smaller statistical sample and reduced level of scrutiny means that attacks are more likely to go undetected."

Q: How viable is it to hack into a given voting system? Would it be remote hacking or local physical access?

"A sufficiently motivated adversary would have no shortage of feasible strategies for the compromise voting computers," Rice said.

Voting systems, for the most part, run end-of-life Windows XP with no security updates, which is a serious problem. Another layer to attack would be connected systems, "and we've seen no evidence that these computers are universally and permanently air gapped," Rice added.

Additional risks and types of attack include a denial-of-service that could render computers inoperable in a targeted area.

"Most critically, the lack of transparency prevents any reasonable assurance that vote hacking did not occur. This lingering doubt is fertile breeding ground for conspiracy theorists to contest the election results in a manner that can not be strongly refuted. An inability for us to maintain a high degree of confidence in the authenticity of our election process is a threat to democracy in its own right," Rice said.

Q: Assume an attacker does get in and can alter election results somehow, how quickly could they be detected by local election officials or the federal government?

"Detection of tampering with a DRE system without a paper trail is unlikely if the DRE is operating properly. Obviously the unauthorized access to voter registration databases in Arizona and Illinois has already been detected," said Gundert.

Again, Rice adds, the issue of transparency comes into play, because without it, little is known about the controls that would detect such tampering. "This is insufficient," he said.

Q: Realistically, what would be the point of hacking the vote?

"Assuming an attacker could access large amounts of DRE systems (which is highly unlikely) and alter the removable media, potential motives would be numerous. A nation state effort aimed at disruption/chaos is one possibility," Gundert said.